[kmf-discuss] pktool import/export file <-> pkcs11
Darren J Moffat
Darren.Moffat at Sun.COM
Wed Aug 8 01:42:47 PDT 2007
Huie-Ying Lee wrote:
> The generic key support was added after phase 1 and it is supported only
> on ONNV currently.
Just in ONNV is fine, I've been looking at this in the context of
ZFS-crypto which is an ONNV target only project.
> With the generic key support, I think it should be OK to treat it as a
> generic symmetric key
> when importing a key file.
That sounds perfect. It may also be desirable to allow import of a raw
key file to take the same keytype= argument that genkey does so that you
can be specific if necessary.
> BTW, one idea that we have thought of (but havn't had chances to pursue
> further) is to create
> an .xml file that would contain meta-data for raw symmetric keys in a
> single directory.
> This meta-data XML file will allow better symmetric key management.
Interesting in the general case but not for my specific usage.
--
Darren J Moffat
More information about the kmf-discuss
mailing list